gradio-app — Vulnerabilities & Security Advisories 46

Browse all 46 CVE security advisories affecting gradio-app. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Gradio-app is an open-source Python library designed to simplify the creation of user interfaces for machine learning models, enabling developers to quickly demo and share AI applications. Despite its utility, the project has accumulated 46 recorded Common Vulnerabilities and Exposures (CVEs), reflecting significant security challenges in its rapid development cycle. Historically, these vulnerabilities frequently involve remote code execution (RCE) and cross-site scripting (XSS), often stemming from inadequate input sanitization or improper handling of uploaded files. While privilege escalation is less common, the potential for arbitrary code execution poses severe risks to deployment environments. Notable incidents highlight the dangers of exposing unverified model endpoints, emphasizing the need for rigorous security auditing. Users must implement strict access controls and keep dependencies updated to mitigate these inherent risks associated with the framework’s flexible architecture.

Found 21 results / 46
Top products by gradio-app: gradio, gradio-app/gradio
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-8021 | Open Redirect in gradio-app/gradio | gradio-app/gradio | CWE-601 | 6.1 | - | 2025-03-20 |
| CVE-2024-10648 | Path Traversal in gradio-app/gradio | gradio-app/gradio | CWE-29 | 9.1 | - | 2025-03-20 |
| CVE-2024-12217 | Path Traversal in gradio-app/gradio | gradio-app/gradio | CWE-22 | 3.3 | - | 2025-03-20 |
| CVE-2024-8966 | Denial of Service in gradio-app/gradio | gradio-app/gradio | CWE-770 | 7.5 | - | 2025-03-20 |
| CVE-2024-10569 | Zip Bomb Vulnerability in gradio-app/gradio | gradio-app/gradio | CWE-475 | 7.5 | - | 2025-03-20 |
| CVE-2024-10624 | Regular Expression Denial of Service (ReDoS) in gradio-app/gradio | gradio-app/gradio | CWE-1333 | 7.5 | - | 2025-03-20 |
| CVE-2025-0187 | Denial of Service (DoS) by Sending Large Filename at File Upload Endpoint in gradio-app/gradio | gradio-app/gradio | CWE-400 | 7.5 | - | 2025-03-20 |
| CVE-2024-4940 | Open Redirect in gradio-app/gradio | gradio-app/gradio | CWE-601 | 6.1 | - | 2024-06-22 |
| CVE-2024-4325 | Server-Side Request Forgery (SSRF) in gradio-app/gradio | gradio-app/gradio | CWE-918 | 7.5 (AI) | High (AI) | 2024-06-06 |
| CVE-2024-4941 | Local File Inclusion in JSON component in gradio-app/gradio | gradio-app/gradio | CWE-22 | 7.5 (AI) | High (AI) | 2024-06-06 |
| CVE-2024-4254 | Secrets Exfiltration in gradio-app/gradio | gradio-app/gradio | CWE-214 | 6.5 (AI) | Medium (AI) | 2024-06-04 |
| CVE-2024-4253 | Command Injection in gradio-app/gradio | gradio-app/gradio | CWE-78 | 9.8 (AI) | Critical (AI) | 2024-06-04 |
| CVE-2024-1561 | Arbitrary Local File Read via Component Method Invocation in gradio-app/gradio | gradio-app/gradio | CWE-29 | 7.5 | - | 2024-04-16 |
| CVE-2024-1183 | SSRF Vulnerability in gradio-app/gradio | gradio-app/gradio | CWE-601 | 5.3 | - | 2024-04-16 |
| CVE-2024-1728 | Local File Inclusion in gradio-app/gradio | gradio-app/gradio | CWE-22 | 9.8 (AI) | Critical (AI) | 2024-04-10 |
| CVE-2024-1729 | Timing Attack Vulnerability in gradio-app/gradio | gradio-app/gradio | CWE-367 | 5.9 (AI) | Medium (AI) | 2024-03-29 |
| CVE-2024-1540 | Command Injection in gradio-app/gradio via deploy+test-visual.yml workflow | gradio-app/gradio | CWE-77 | 7.5 | - | 2024-03-27 |
| CVE-2024-2206 | SSRF Vulnerability in gradio-app/gradio | gradio-app/gradio | CWE-918 | 7.1 | - | 2024-03-27 |
| CVE-2024-1727 | CSRF Vulnerability in gradio-app/gradio | gradio-app/gradio | CWE-352 | 7.1 | - | 2024-03-21 |
| CVE-2024-0964 | LFI in Gradio | gradio-app/gradio | CWE-22 | 9.8 | - | 2024-02-05 |
| CVE-2023-6572 | Command Injection in gradio-app/gradio | gradio-app/gradio | CWE-77 | 7.5 (AI) | High (AI) | 2023-12-14 |

This page lists every published CVE security advisory associated with gradio-app. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.